The original version of this article, which has been edited here for use in Insights, ran in the summer 2015 edition of Your NY Connection Magazine, a publication of the New York Insurance Association.

It is flattering, is it not, when people are interested in what you do? “Tell me more,” they say, as you glow with pride and satisfaction. “Please give me details.”

With that in mind, insurance companies should be flattered, perhaps very flattered, by the newest regulatory requirement on the way, courtesy of the National Association of Insurance Commissioners (NAIC): the Corporate Governance Annual Disclosure Model Act. In brief, this is how the act will affect insurers: within the next few years, every, or just about every, state will enact a law and regulation that requires domestic insurers to annually file an expansive range of information regarding their corporate governance and senior management practices.

What follows are details regarding the what, why, how, and when of this imminent regulatory requirement.

What Should Companies Expect?

What will be required, as mentioned, is an annual filing, called a corporate governance annual disclosure, or CGAD for those acronym lovers out there. (You know who you are.) Through this CGAD, insurers will need to describe their corporate governance practices and procedures at a fairly detailed level by responding to a set of inquiries and provisions contained in the model regulation. Here is a partial list of what an insurer will be asked to disclose:

Its corporate governance framework and structure, including duties and structure of the board of directors and its committees

The policies and practices of its board of directors and significant committees, including appointment practices, the frequency of meetings held and review procedures

The policies and practices directing senior management, including a description of defined suitability standards, the insurer’s code of conduct and ethics, performance evaluation and compensation practices, and succession planning

The processes by which its board of directors, committees, and senior management ensure an appropriate level of oversight to the critical risk areas affecting the insurer’s business activities, including risk management processes; the actuarial function; and investment, reinsurance, and business strategy decision-making processes.1

These are merely general descriptions of what will be sought, taken from information released by the NAIC when the model law was adopted. However, a deeper review of the model regulation shows an intention to gain a high level of detail.

For example, insurers are expected to tell regulators how many board meetings were held as well as “information on director attendance,” whether board members are subject to term limits, and whether there is a board “diversity policy”—and, if so, how it functions. They are expected to explain how the qualifications, expertise, and experience of each board member meet the needs of the insurer, whether there are term limits, how the nomination process works, and so on. From there, it flows to matters involving senior management compensation and oversight, compliance efforts, business conduct and ethics, and reporting responsibilities for critical risk areas, which cover pretty much every aspect of an insurer’s operations.

Further, presumably to ensure that the disclosure is taken seriously, the model calls for the company’s CEO or corporate secretary to sign an attestation that, to the best of that individual’s belief and knowledge, the insurer has implemented the corporate governance practices and that a copy of the CGAD has been provided to the insurer’s board or an appropriate committee.

Remember, it is flattering to have someone so interested in what you do. Keep telling yourself that, and these requirements may even make you smile.

Where Did It Come From?

Considering the level of detail sought and that what the NAIC has released is a brand new requirement, it is not unreasonable to wonder from where this requirement originated and why insurers are being asked to adhere to it. The disclosure, like the Own Risk and Solvency Assessment (ORSA) and revisions to the Model Holding Company Act, requiring the filing of enterprise risk reports, is a product of the NAIC’s Solvency Modernization Initiative, which itself was largely a response to the global financial crisis and resulting pressures from federal and international authorities to ensure that the state insurance solvency regime was on solid ground.

Presumably, it is not too much of a stretch to see that very poor corporate governance practices could ultimately lead to a negative financial condition. However, the level of detail required in the CGAD makes it hard to see how each and every area of inquiry is really related to financial condition and solvency.

Furthermore, it is reasonable to ask if the creation of the CGAD was in response to a recognized regulatory problem. The short, if unfortunate, answer is, no.

There was not, for instance, a rash of recent insolvencies that could have been prevented if regulators knew more about companies’ corporate governance practices. In fact, insurance regulators already had a number of tools in their arsenal to examine an insurer’s corporate governance practices prior to the development of the CGAD. And when the proposal was debated at the NAIC during a deliberative process lasting several years, members of its working group acknowledged that there were no regulatory “gaps” that the proposal would fill. That acknowledgement, however, did not stop development of the proposal—or even measurably slow it down.

A Tempered Version

Although the introduction of a new regulatory requirement like CGAD will perhaps cause some consternation among insurers, it is possible to take solace in the fact that the requirement could have been considerably worse.

When it was the subject of deliberations at the NAIC, at one point the idea was to create a scoring template to evaluate an insurer’s corporate governance practices. The National Association of Mutual Insurance Companies (NAMIC) has a very diverse membership, so it felt strongly that such an approach could lead to an unacceptable one-size-fits-all treatment. As a result, NAMIC and other industry advocates strongly opposed the template concept during the NAIC deliberations. The final model reflects consideration of these concerns, characterizing the CGAD as merely a disclosure, which, by the model’s terms, is not meant to “prescribe or impose corporate governance standards and internal procedures beyond that which is already required under applicable state corporate law.”

This language offers some reassurance, although one still has to wonder what regulators are going to do with the disclosed information. Additionally, the idea of scoring has come up in other NAIC discussions, over items such as the financial analysis handbook and examination handbook. So the final chapter may not yet be written.

Another positive outcome to the model that was the product of industry advocacy was the recognition that, with things like ORSA and enterprise risk reports, regulators were already getting considerable information about corporate governance practices so that much of the CGAD content could be redundant. Because of this, the model law allows an insurer to simply reference other such documents when completing a CGAD so that the company does not have to start from scratch. The deliberations on this point also led to a broader discussion that may result in reduced duplicative reporting in other areas.

Finally, as the CGAD disclosure was developed at the NAIC, a recurring theme was the need to keep completed disclosures confidential, considering the level of detail involved. Accordingly, the model law contains tight confidentiality requirements, similar to those found in the ORSA model and the holding company model, to limit access to the filings to regulators and third parties enlisted by regulators to evaluate the disclosure.

On the one hand, this should be reassuring, but on the other, we have seen problems in some states with deviations from the model confidentiality language as the ORSA and holding company laws are adopted. New York in particular took a very different approach, such as adopting the holding company updates by regulation rather than statute. So how the Empire State treats CGAD, regarding confidentiality and perhaps other aspects, remains to be seen.

When Will It Get Here?

The background on NAIC deliberations is relevant not only for understanding where the CGAD came from but also for appreciating the general current tone and direction of the evolution of insurance regulation, which is all about more, not less, regulation. When it comes to the CGAD itself, it is somewhat besides the point, because it is here, or at least coming soon.

How soon? Whether an individual insurer has to file a CGAD depends on whether that company’s domicile state has enacted the requirement. Five states—California, Indiana, Iowa, Louisiana, and Vermont—ultimately enacted the model in 2015. In July 2015, after most states had concluded their 2015 legislative sessions, the model act had been enacted in just four states: Indiana, Iowa, Louisiana, and Vermont. The model calls for filings to be made by June 1 of each calendar year, so companies in those states should have just made their first filings.

Regardless, to be clear, there is little doubt that virtually every insurer will eventually be subject to the CGAD requirement, as the model is on track to be an NAIC accreditation requirement. That means every state will have to enact a law and regulation that is “similar in force and no less effective” than the model for that state’s insurance department to maintain its accreditation with the NAIC. If the model goes through the NAIC process of becoming an accreditation requirement as expected, every state will have to enact the model by the end of 2019 to maintain its accreditation.

In other words, it is just a matter of time before every insurer in the country is made to feel that regulators are very interested in the details of what and how they do things. Prepare to be flattered!

Many thanks to the Regulatory & Legislative Interest Group for its contributions to this article.